package com.profgj.profgj.interceptor;

import com.profgj.profgj.utils.AntiSQLInjectionUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * SQL注入 拦截器 进行检查
 */

public class SqlInjectInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        /**
         * 判断uri是否存在 注入字符
         */
        if(AntiSQLInjectionUtils.getParameterOrURI(request)){

            /**
             * 返回错误信息
             *
             */
            System.out.println("SQL拦截器已启用过滤");
            request.setAttribute("err_code","3");
            request.getRequestDispatcher("/fail").forward(request,response);
            /**
             * 终止向后执行
             */
            return false;
        }

        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {

    }
}
